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5 The present invention relates generally to a 

program-controlled apparatus in accordance with the 
preamble to claim 1; in particular, the present 
invention relates to a data processing or 
telecommunications apparatus controlled by means of 

10 software. 

Program-controlled apparatuses or systems 
comprise system hardware in order to perform or carry 
out particular functions of the program-controlled 
apparatus. The system hardware is supplemented by 

15 system software, which provides operating data for the 
operation of the program-controlled apparatus and thus 
represents the basis for control of the system 
hardware. In known program-controlled 

telecommunications systems, copy protection in the form 

20 of the so-called dongle concept is then used in order 
to ensure that the system software is used only 
together with that system hardware for which the user 
has also purchased licenses. This is intended to 
prevent unauthorized copying of the system software 

2 5 from individual system hardware to other system 

hardware . 

With the dongle concept, the system checks at 
startup whether the dongle has been placed or plugged 
into the system. If this is not the case, the system 

3 0 cannot be operated. The problem with this concept, 

however, is the fact that the dongle is removable and 
can thus be placed into another system for which no 
license has actually been purchased, so that the 
correlation check for the hardware and software of a 
35 system can be artificially corrupted. There is 
therefore a need for an improved concept which ensures 
that the system software 
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can be used only insofar as it is also covered by 
licenses . 

The present invention is therefore based on the 
object of specifying an improved program-controlled 
5 apparatus which reliably prevents unauthorized copying 
of the system software and/or unauthorized use of the 
system software. 

The present invention achieves this object by 
means of a program-controlled apparatus having the 

10 features of claim 1 . The dependent claims describe 
preferred and advantageous refinements of the present 
invention, which, for their part, contribute to 
improved protection of the system software. 

According to the present invention, the 

15 program-controlled apparatus is used together with 
memory means, for example in the form of a crypto chip, 
which store individual user data stipulating and 
defining the possible scope of use of the system 
software for the respective user. When the program- 

20 controlled apparatus is put into operation, this user 
data is read out and made the basis for control of the 
system hardware, such that the system hardware is 
driven by the system software only within the scope of 
use defined by the individual user data. In this way, 

2 5 only predefined service features or a particular number 

of applications of the system software may be enabled 
for particular users . 

If the memory means are produced in the form of 
a crypto chip, said crypto chip may be incorporated, by 

3 0 way of example, in the multilayer backplane of the 

central processor unit of the apparatus, so that it is 
permanently connected to the central processor unit, 
i.e. the system software, locally and is particularly 
difficult to access. When the program-controlled 
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apparatus is delivered, customer-specific keys or 
algorithms are programmed in this chip, for example, so 
that the system software delivered with the apparatus 
is able to run only within the scope defined by the 
5 programmed keys/algorithms. Although the system 
software and the associated database for the program- 
controlled apparatus may preferably be copied for 
backup purposes, in this way they are not able to run 
on other systems or apparatuses without the crypto 
10 chip. 

So that diagnosis /maintenance of the program- 
controlled apparatus can still be carried out, an 
external smart card reader, for example, may be 
connected for this purpose, so that the entire system 

15 software is accessible again when an authorized 
person's appropriate smart card is inserted. The use of 
other identification means for diagnosis/maintenance 
purposes is likewise conceivable, said other 
identification means allowing a check on the entry of a 

20 particular code authorizing diagnosis /maintenance . 

The present invention may be applied to various 
types of program-controlled apparatuses, one preferred 
area of application being that of data processing or 
telecommunications apparatuses. In particular, the 

25 present invention may be used in telecommunications 
systems used in private networks for setting up 
communications links between subscribers associated 
with the telecommunications system. 

The present invention is explained in more 

30 detail below with the aid of a preferred illustrative 
embodiment and with reference to the appended drawing. 

Figure 1 shows a simplified block diagram of a 
program-controlled apparatus in the form of a program- 
controlled telecommunications system, and 
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Figure 2 shows a simplified block diagram of 
the control device shown in Figure 1 in accordance with 
the present invention. 

Although the present invention can be applied 
5 generally to program-controlled apparatuses of various 
types in which hardware and software are provided 
separately from one another, the invention will be 
explained in more detail below with particular 
reference to a telecommunications system. 

10 Figure 1 shows a simplified block diagram of a 

telecommunications system 1, such as is used in private 
communications networks, for example. The 

telecommunications system 1 is used for switching 
voice, image, text and data connections between the 

15 subscribers associated with the telecommunications 
system 1. The telecommunications system 1 preferably 
operates digitally, i.e. digital information 

transmission takes place within the telecommunications 
system 1 . 

2 0 The telecommunications system 1 comprises, as 

central hardware device, a digital switching network 4, 
which represents the actual switching element in the 
telecommunications system 1. The switching network 4 
allows so-called position-based switching from one 

2 5 transmission line connected to the telecommunications 

system 1 to another transmission line, and so-called 
time-based switching from one transmission channel to 
another transmission channel. The digital switching 
network 4 is generally split into individual switching 

3 0 network modules or switching stages. 

The telecommunications system 1 has different 
associated subscribers and transmission lines connected 
to the digital switching network 4 via line 
terminations 2a-2c. If necessary, the line terminations 
35 2a-2c perform analogue/digital conversion in the 
incoming direction and digital /analogue conversion in 
the outgoing 
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direction. The line terminations 2a-2c can be connected 
to the digital switching network 4 by means of PCM 
transmission lines, for example, having 64 channels, 
for example. For the sake of simplicity, Figure 1 shows 
5 a plurality of subscriber lines 3 only for the line 
termination 2a, these subscriber lines being able to be 
associated both with analogue and digital subscriber 
terminals. Naturally, the line terminations 2b and 2c 
are each connected to a multiplicity of subscriber 

10 lines 3 as well. 

The telecommunications system 1 is program- 
controlled. This is done using a controller 5 which 
receives the requests for connections from the 
subscribers in the telecommunications system 1, sets 

15 the paths and controls the entire telecommunications 
system 1, in particular the hardware, i.e. the 
switching network 4, of the telecommunications system 
1 . 

The design of the controller 5 shown in Figure 
2 0 1 will be explained in more detail below with reference 
to Figure 2 . 

The central module in the controller 5 is a 
central control unit (CPU) 6 in the form of a central 
processor used to drive the system hardware in the 

2 5 telecommunications system 1. The central control unit 6 

is program-controlled and, for this purpose, is driven 
by a piece of system software 7 which provides a 
particular database containing operating data for 
operating the system hardware. In this way, the system 

3 0 hardware or the telecommunications system 1 can be 

provided for a multiplicity of service features 
LM # 1 - LM # n defined by the system software 7 or its 
database, with the system software 7, in particular, 
prescribing for each service feature the operating 
3 5 parameters it requires. With reference to Figure 2, 
this means that the first service feature LM # 1 may be 
produced with three different operating parameters 1-A 
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2-A and 2-B are possible for the second service feature 
LM # 2. Overall, the system software 7 thus equips the 
telecommunications system 1 to produce n service 
features. These service features may be generally known 
5 facilities for digital telephone networks, such as 
"call waiting", "call diversion", "call forwarding", 
"calling line identification presentation" or "advice 
of charge", etc. The system software 7 or the 
corresponding database thus provides the central 

10 control unit 6 with all the operating information 
necessary for operating the telecommunications system 
1, so that the telecommunications system 1 or its 
system hardware can be program-controlled. 

The system software 7 and the associated 

15 database can be copied by the respective user for 
backup purposes. However, to ensure that the system 
software 7 or its database is not able to run on other 
systems or telecommunications systems with different 
system hardware, the central control unit 6 in the 

2 0 telecommunications system 1 is coupled to an additional 
memory 8, which contains individual user data. In 
particular, this memory 8 may be a crypto chip, as is 
generally used in connection with smart cards. The 
memory 8 is permanently coupled to the central control 

2 5 unit 6 locally and, by way of example, is incorporated 

in the multilayer backplane of the central control unit 
6, so that the memory 8 cannot be isolated from the 
central control unit 6 . 

When the telecommunications system or the 

3 0 program-controlled apparatus is delivered, the 

aforementioned individual user data is programmed, i.e. 
stored, in this memory 8, said individual user data 
comprising, by way of example, customer-specific keys 
or algorithms and defining the respective 



35 




GR 98 P 1839 

- 7 - 

user's possible scope of use of the system software or 
of the telecommunications system. 

Since the memory 8 is permanently, i.e. not 
removably, coupled to the system software or the 
5 central control unit 6, self -identification of the 
system hardware using the memory 8 or the information 
stored in it is possible, so that an unambiguous 1:1 
association between the system software and the system 
hardware in the telecommunications system is provided, 

10 and the system software 7 is assured not to be able to 
run on another telecommunications system, i.e. in 
conjunction with other system hardware. Since, in 
particular, the memory 8 is permanently coupled to the 
central control unit 6, the problem described in the 

15 introduction regarding the dongle concept, which arises 
on account of the interchangeability of the dongle, is 
not encountered on the basis of the present invention. 

As Figure 2 shows, the individual user data 
stored in the memory 8 comprises, in particular, 

20 information stipulating the respective user's possible 
scope of use of the system software 7 . The user data 
stored in the memory 8 can thus stipulate which of the 
service features offered by the telecommunications 
system or the system software 7 are accessible for the 

25 respective user, and how many different applications 
are covered by the license associated with the memory 
or the crypto chip 8. In the example shown in Figure 2, 
by way of example, the user has access only to service 
features LM # 1 and LM # 3, with service feature LM # 1 

3 0 additionally being able to be operated only with 
parameters 1-A and 1-C, for example, whereas service 
feature LM # 3 can be accessed by the user only with 
operating parameter 3-B. This ensures that the system 
software 7 delivered with the system hardware is able 

3 5 to run only within the 
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scope ordered by the respective user beforehand. 

Despite the restriction of the scope of use by 
the user data stored in the memory 8, the case may 
arise that the entire system software 7 needs to be 
5 accessed for diagnosis or maintenance purposes. For 
this purpose, the central control unit 6 can be coupled 
to an interface 9 to which, by way of example, an 
external smart card reader may be connected, so that an 
authorized person can identify himself to the 

10 telecommunications system or to the central control 
unit 6 using a special smart card and can cancel the 
restrictions on the system software 7 which are 
prescribed by the memory 8. Of course, it is also 
possible to use other identification means allowing 

15 identification of a person authorized to access the 
entire system software 7 or its entire database. Thus, 
by way of example, provision may be made for a keyboard 
entry instead of a smart card reader, on which basis 
entry of an appropriate access code removes the 

20 restrictions in the memory 8 and the authorized person 
can access the entire system software 7 . 




